From 4ea879714985ff339810ed9f2b759dfcfa4bbc6c Mon Sep 17 00:00:00 2001
From: neri
Date: Wed, 24 Aug 2022 10:32:51 +0200
Subject: [PATCH] always add X-Content-Type-Options: nosniff header
---
 src/download.rs | 5 +----
 src/main.rs | 8 ++++++--
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/download.rs b/src/download.rs
index b8801d1..4265236 100644
--- a/src/download.rs
+++ b/src/download.rs
@@ -6,7 +6,7 @@ use actix_web::{
 http::header::{
 Accept, CacheControl, CacheDirective, Charset, ContentDisposition, DispositionParam,
 DispositionType, Expires, ExtendedValue, Header, HeaderValue, HttpDate, TryIntoHeaderValue,
- ACCEPT, CACHE_CONTROL, CONTENT_TYPE, EXPIRES, VARY, X_CONTENT_TYPE_OPTIONS,
+ ACCEPT, CACHE_CONTROL, CONTENT_TYPE, EXPIRES, VARY,
 },
 web, Error, HttpRequest, HttpResponse,
 };
@@ -183,9 +183,6 @@ fn add_headers(req: &HttpRequest, download: bool, response: &mut HttpResponse) {
 HeaderValue::from_str(APPLICATION_OCTET_STREAM.as_ref())
 .expect("mime type can be encoded to header value"),
 );
- response
- .headers_mut()
- .insert(X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff"));
 }
 // the reponse varies based on these request headers
 response
diff --git a/src/main.rs b/src/main.rs
index 68994e4..de1b0e6 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -11,7 +11,7 @@ use crate::rate_limit::ForwardedPeerIpKeyExtractor;
 use actix_files::Files;
 use actix_governor::{Governor, GovernorConfigBuilder};
 use actix_web::{
- http::header::{HeaderName, CONTENT_SECURITY_POLICY},
+ http::header::{HeaderName, HeaderValue, CONTENT_SECURITY_POLICY, X_CONTENT_TYPE_OPTIONS},
 middleware::{self, DefaultHeaders, Logger},
 web::{self, Data},
 App, Error, HttpResponse, HttpServer, 
@@ -69,7 +69,11 @@ async fn main() -> std::io::Result<()> {
 move || {
 let app = App::new()
 .wrap(Logger::new(r#"%{r}a "%r" =%s %bbytes %Tsec"#))
- .wrap(DefaultHeaders::new().add(DEFAULT_CSP))
+ .wrap(
+ DefaultHeaders::new()
+ .add(DEFAULT_CSP)
+ .add((X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff"))),
+ )
 .wrap(middleware::Compress::default())
 .app_data(db.clone())
 .app_data(expiry_watch_sender.clone())
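Review bot: `DefaultHeaders` only sets a header when the response does not already carry one, so the new `.add((X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff")))` is weaker than the `headers_mut().insert` it replaces in `add_headers` (src/download.rs): a handler or inner middleware that sets its own `X-Content-Type-Options` now wins instead of being overwritten. That is acceptable as long as nothing in the app sets a different value, but the intent deserves a comment next to the line, e.g. `// Default only: a response that already sets X-Content-Type-Options is not overridden.` Because actix applies `.wrap` layers in reverse registration order, responses produced by middleware registered after this `.wrap` (the rate limiter, if `Governor` is wrapped later in the chain) would not pass through `DefaultHeaders` and would lack the header; the rest of the chain is outside the hunk, so this is worth pinning with an integration test that asserts the header on an error response as well as on a normal one. The enclosing `main` and the `move ||` closure both begin and end outside the hunk.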